diff --git a/common.yml b/common.yml deleted file mode 100644 index 534c27f..0000000 --- a/common.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: apply common configuration to all nodes - hosts: all - remote_user: "{{ remote_privileged_user }}" - become: yes - - roles: - - common \ No newline at end of file diff --git a/database.yml b/database.yml index 223e6b1..6865ad5 100644 --- a/database.yml +++ b/database.yml @@ -1,6 +1,6 @@ --- - name: deploy MariaDB and configure the databases - hosts: dbserver + hosts: jiskefet_backend remote_user: "{{ remote_privileged_user }}" become: yes diff --git a/docs/create-test-inventory.md b/docs/create-test-inventory.md index 5661fb2..c13413e 100644 --- a/docs/create-test-inventory.md +++ b/docs/create-test-inventory.md @@ -3,11 +3,11 @@ Create your own inventory for tests An Ansible inventory is basically a list of hostnames grouped into logical sets: ``` # example from official documentation -[webservers] +[jiskefet-frontend] foo.example.com bar.example.com -[dbservers] +[jiskefet-backend] one.example.com two.example.com three.example.com diff --git a/docs/setting_up_ssh.md b/docs/setting_up_ssh.md index be59fc9..87ad830 100644 --- a/docs/setting_up_ssh.md +++ b/docs/setting_up_ssh.md @@ -122,10 +122,10 @@ host_vars It is possible to set the ssh parameters in the host file as displayed below. The drawback is that the credentials will be exposed. If possible, please refrain from using this setup. ```ini -[webservers] +[jiskefet-frontend] jiskefet-api ansible=your_user_here ansible_ssh_pass=your_password_here -[dbservers] +[jiskefet-backend] jiskefet-db ansible=your_user_here ansible_ssh_pass=your_password_here ``` diff --git a/jiskefet_backend.yml b/jiskefet_backend.yml new file mode 100644 index 0000000..202d507 --- /dev/null +++ b/jiskefet_backend.yml 
@@ -0,0 +1,10 @@ +--- +- name: configure and deploy the webservers and application code + hosts: jiskefet_backend + remote_user: "{{ remote_privileged_user }}" + become: yes + vars: + - temp_folder: /tmp + + roles: + - jiskefet-backend \ No newline at end of file diff --git a/webserver.yml b/jiskefet_common.yml similarity index 76% rename from webserver.yml rename to jiskefet_common.yml index 5773ac5..8d6630a 100644 --- a/webserver.yml +++ b/jiskefet_common.yml @@ -1,6 +1,6 @@ --- - name: configure and deploy the webservers and application code - hosts: webserver + hosts: jiskefet_frontend, jiskefet_backend remote_user: "{{ remote_privileged_user }}" become: yes vars: @@ -9,5 +9,5 @@ roles: - nginx - nodejs - - web + - jiskefet-common - ntp-client \ No newline at end of file diff --git a/jiskefet_frontend.yml b/jiskefet_frontend.yml new file mode 100644 index 0000000..dfeb483 --- /dev/null +++ b/jiskefet_frontend.yml @@ -0,0 +1,10 @@ +--- +- name: configure and deploy the webservers and application code + hosts: jiskefet_frontend + remote_user: "{{ remote_privileged_user }}" + become: yes + vars: + - temp_folder: /tmp + + roles: + - jiskefet-frontend \ No newline at end of file diff --git a/roles/basevars/defaults/main.yml b/roles/basevars/defaults/main.yml index ed97d53..0c72de0 100644 --- a/roles/basevars/defaults/main.yml +++ b/roles/basevars/defaults/main.yml 
@@ -1 +1,28 @@ --- +application_name: "Logbook ITS" +remote_privileged_user: root +jiskefet_user: jiskefet +mysql_root_password: abd1516812 +USE_CERN_SSO: true + +jiskefet_api_general_settings: + TYPEORM_HOST: "{{inventory_hostname}}" + TYPEORM_USERNAME: 'jiskefet' + TYPEORM_PASSWORD: 'abd1516812' + TYPEORM_DATABASE: 'jiskefetdb' + JWT_SECRET_KEY: 'NHcW7x9K' + PORT: 3000 + +jiskefet_api_optional_settings: + TEST_DB_HOST: localhost + TEST_DB_DATABASE: + TEST_DB_USERNAME: + TEST_DB_PASSWORD: + +jiskefet_ui_settings: + USE_API_PREFIX: true + ALLOW_ANONYMOUS: true + +# If you use CERN SSO set true then you need to use the correct settings below. Check CERN oauth page to setup credentials. +jiskefet_cern_oauth_settings: + CERN_REGISTERED_URI: "http://{{inventory_hostname}}/callback" \ No newline at end of file diff --git a/roles/basevars/tasks/main.yml b/roles/basevars/tasks/main.yml deleted file mode 100644 index a1c59df..0000000 --- a/roles/basevars/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# Set default variables -#- import_tasks: set-default-values.yml \ No newline at end of file diff --git a/roles/basevars/vars/main.yml b/roles/basevars/vars/main.yml index 1711086..c2fb9cb 100644 --- a/roles/basevars/vars/main.yml +++ b/roles/basevars/vars/main.yml @@ -1,18 +1,2 @@ --- -remote_privileged_user: root -jiskefet_user: jiskefet -mysql_root_password: abd1516812 - -jiskefet_api_general_settings: - TYPEORM_HOST: jiskefet-development.cern.ch - TYPEORM_USERNAME: jiskefet - TYPEORM_PASSWORD: Kaas - TYPEORM_DATABASE: jiskefetdb - JWT_SECRET_KEY: Kaas123 - PORT: 3000 - USE_API_PREFIX: true -jiskefet_api_optional_settings: - TEST_DB_HOST: localhost - TEST_DB_DATABASE: - TEST_DB_USERNAME: - TEST_DB_PASSWORD: \ No newline at end of file +nginx_version: 1.16.0 \ No newline at end of file 
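Review bot: The new role defaults in `roles/basevars/defaults/main.yml` commit secrets in clear text: `mysql_root_password`, `TYPEORM_PASSWORD` (the same literal as the root password) and `JWT_SECRET_KEY`. Anyone who can read the repository can read them, and every deployment that does not override them shares one database password and one token-signing key. Keep only non-secret defaults here and source the secrets from an Ansible Vault file or the inventory, for example `mysql_root_password: "{{ vault_mysql_root_password }}"` (variable name is illustrative), and rotate the values already committed. `ALLOW_ANONYMOUS: true` and the `http://` scheme in `CERN_REGISTERED_URI` are also permissive choices for a default and deserve an explicit comment or a stricter value.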
diff --git a/inventory-jiskefet/group_vars/dbservers b/roles/jiskefet-backend/default/main.yml similarity index 100% rename from inventory-jiskefet/group_vars/dbservers rename to roles/jiskefet-backend/default/main.yml diff --git a/roles/web/files/ecosystem.json b/roles/jiskefet-backend/files/ecosystem.json similarity index 100% rename from roles/web/files/ecosystem.json rename to roles/jiskefet-backend/files/ecosystem.json diff --git a/roles/web/handlers/main.yml b/roles/jiskefet-backend/handlers/main.yml similarity index 100% rename from roles/web/handlers/main.yml rename to roles/jiskefet-backend/handlers/main.yml diff --git a/roles/common/meta/main.yml b/roles/jiskefet-backend/meta/main.yml similarity index 100% rename from roles/common/meta/main.yml rename to roles/jiskefet-backend/meta/main.yml diff --git a/roles/web/tasks/change-env-variables.yml b/roles/jiskefet-backend/tasks/change-env-variables-backend.yml similarity index 65% rename from roles/web/tasks/change-env-variables.yml rename to roles/jiskefet-backend/tasks/change-env-variables-backend.yml index 8a4083b..eb1610f 100644 --- a/roles/web/tasks/change-env-variables.yml +++ b/roles/jiskefet-backend/tasks/change-env-variables-backend.yml @@ -7,25 +7,6 @@ # */ --- -- name: Check if .env exists in jiskefet-ui project - stat: - path: /var/lib/jiskefet/jiskefet-ui/.env - register: stat_result - become_user: "{{ jiskefet_user }}" - -- name: Create .env in jiskefet-ui if it does not exist. - when: stat_result.stat.exists == False - file: - path: /var/lib/jiskefet/jiskefet-ui/.env - state: touch - become_user: "{{ jiskefet_user }}" - -- name: Set general settings for jiskefet-ui .env - lineinfile: - path: /var/lib/jiskefet/jiskefet-ui/.env - line: "{{ item.key }}={{ item.value }}" - with_dict: "{{ jiskefet_ui_settings }}" - - name: Check if .env exists in jiskefet-api project stat: path: /var/lib/jiskefet/jiskefet-api/.env 
@@ -52,13 +33,6 @@ line: "{{ item.key }}={{ item.value }}" with_dict: "{{ jiskefet_api_general_settings }}" -- name: Set OAuth settings for jiskefet-api .env - lineinfile: - path: /var/lib/jiskefet/jiskefet-api/.env - regexp: "{{ item.key }}=(.*)$" - line: "{{ item.key }}={{ item.value }}" - with_dict: "{{ jiskefet_oauth_settings }}" - - name: Set CERN oauth settings for jiskefet-api .env when: USE_CERN_SSO | lower == "true" lineinfile: @@ -72,4 +46,4 @@ regexp: "{{ item.key }}=(.*)$" line: "{{ item.key }}={{ item.value }}" with_dict: "{{ jiskefet_api_optional_settings }}" -... +... \ No newline at end of file diff --git a/roles/jiskefet-backend/tasks/createdbuser.yml b/roles/jiskefet-backend/tasks/createdbuser.yml new file mode 100644 index 0000000..e2a3807 --- /dev/null +++ b/roles/jiskefet-backend/tasks/createdbuser.yml @@ -0,0 +1,12 @@ +--- +- name: Set {{ jiskefet_api_general_settings.TYPEORM_USERNAME }} user password + mysql_user: + name: "{{ jiskefet_api_general_settings.TYPEORM_USERNAME }}" + host: "{{inventory_hostname}}" + password: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD }}" + check_implicit_admin: "yes" + login_user: "root" + login_password: "{{ mysql_root_password }}" + state: "present" + tags: configuration +... \ No newline at end of file diff --git a/roles/jiskefet-backend/tasks/getapi.yml b/roles/jiskefet-backend/tasks/getapi.yml new file mode 100644 index 0000000..b01094c --- /dev/null +++ b/roles/jiskefet-backend/tasks/getapi.yml @@ -0,0 +1,11 @@ +--- +- name: checkout jiskefet-api + git: + repo: "{{ remote_repository_url.JISKEFET_API }}" + dest: /var/lib/jiskefet/jiskefet-api + force: yes + version: "{{ repository_branch.JISKEFET_API }}" + become_user: "{{ jiskefet_user }}" + tags: + - git_pull +... \ No newline at end of file 
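Review bot: The `mysql_user` task in `createdbuser.yml` creates the account but grants it nothing, because there is no `priv`; the task this commit removes from `roles/mariadb/tasks/main.yml` granted rights on `TYPEORM_DATABASE`. Unless the grant is applied somewhere outside this diff, the API user cannot use its schema; add a grant scoped to that one database, such as `priv: "{{ jiskefet_api_general_settings.TYPEORM_DATABASE }}.*:ALL"`, rather than a global one. `host: "{{inventory_hostname}}"` also restricts the account to connections MariaDB sees as coming from that name, which presumably only works when the API and the database share a host.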
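Review bot: In `getapi.yml`, `version: "{{ repository_branch.JISKEFET_API }}"` resolves to the moving `develop` branch (see `roles/jiskefet-backend/vars/main.yml`) and `force: yes` discards local changes, so every run deploys whatever is at the branch head and `npm-backend.yml` then runs `npm install` on it as `jiskefet_user`. For a reproducible and reviewable deployment, pin `version` to a release tag or commit hash and, if the repository ships a lockfile, install with `npm ci` so dependency versions cannot drift between runs. `getui.yml` in the frontend role follows the same pattern and needs the same change.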
diff --git a/roles/web/tasks/main.yml b/roles/jiskefet-backend/tasks/main.yml similarity index 91% rename from roles/web/tasks/main.yml rename to roles/jiskefet-backend/tasks/main.yml index b2ecf8f..fa9e4c7 100644 --- a/roles/web/tasks/main.yml +++ b/roles/jiskefet-backend/tasks/main.yml @@ -32,27 +32,29 @@ # When "{{ use_hostname_as_remote_address }}" is set to false, ansible will check if the "{{ ansible_remote_address }}" # If the variable is defined, it will use the user defined value, otherwise it will default to the result of variable # "{{ ansible_default_ipv4.address }}". -- import_tasks: firewall.yml -- import_tasks: set-default-values.yml # Install git -- include_tasks: git.yml +- include_tasks: getapi.yml when: use_local_repository == "no" tags: - git_pull # Unarchive projects -- include_tasks: unarchive.yml +- include_tasks: unarchive-backend.yml when: use_local_repository == "yes" # Setting the environment variables -- import_tasks: change-env-variables.yml +- import_tasks: change-env-variables-backend.yml tags: - git_pull # Do npm install -- import_tasks: npm.yml +- import_tasks: npm-backend.yml + tags: + - git_pull + +- import_tasks: createdbuser.yml tags: - git_pull diff --git a/roles/jiskefet-backend/tasks/npm-backend.yml b/roles/jiskefet-backend/tasks/npm-backend.yml new file mode 100644 index 0000000..165b0de --- /dev/null +++ b/roles/jiskefet-backend/tasks/npm-backend.yml @@ -0,0 +1,15 @@ +# /* +# * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS) +# * +# * This software is distributed under the terms of the +# * GNU General Public Licence version 3 (GPL) version 3, +# * copied verbatim in the file "LICENSE" +# */ + +--- +- name: run npm install on jiskefet-api + command: npm install + become_user: "{{ jiskefet_user }}" + args: + chdir: "/var/lib/jiskefet/jiskefet-api" +... \ No newline at end of file 
diff --git a/roles/web/tasks/pm2.yml b/roles/jiskefet-backend/tasks/pm2.yml similarity index 100% rename from roles/web/tasks/pm2.yml rename to roles/jiskefet-backend/tasks/pm2.yml diff --git a/roles/web/tasks/unarchive.yml b/roles/jiskefet-backend/tasks/unarchive-backend.yml similarity index 72% rename from roles/web/tasks/unarchive.yml rename to roles/jiskefet-backend/tasks/unarchive-backend.yml index 511d2d1..ea51236 100644 --- a/roles/web/tasks/unarchive.yml +++ b/roles/jiskefet-backend/tasks/unarchive-backend.yml @@ -13,11 +13,4 @@ src: ../jiskefet-api.tar dest: /var/lib/jiskefet become_method: sudo - -- name: Unarchive ui files to remote - unarchive: - owner: "{{ jiskefet_user }}" - src: ../jiskefet-ui.tar - dest: /var/lib/jiskefet - become_method: sudo ... diff --git a/roles/web/vars/main.yml b/roles/jiskefet-backend/vars/main.yml similarity index 72% rename from roles/web/vars/main.yml rename to roles/jiskefet-backend/vars/main.yml index abbc8e7..1835daa 100644 --- a/roles/web/vars/main.yml +++ b/roles/jiskefet-backend/vars/main.yml @@ -5,7 +5,7 @@ deploy_environment: prod remote_repository_url: JISKEFET_API: https://github.com/SoftwareForScience/jiskefet-api - JISKEFET_UI: https://github.com/SoftwareForScience/jiskefet-ui + repository_branch: JISKEFET_API: develop - JISKEFET_UI: develop \ No newline at end of file + diff --git a/roles/mariadb/handlers/main.yml b/roles/jiskefet-common/handlers/main.yml similarity index 71% rename from roles/mariadb/handlers/main.yml rename to roles/jiskefet-common/handlers/main.yml index f0cee9a..cef6e61 100644 --- a/roles/mariadb/handlers/main.yml +++ b/roles/jiskefet-common/handlers/main.yml 
@@ -7,22 +7,17 @@ # */ --- -- name: restart firewalld +- name: restart NGiNX become_method: sudo service: - name: firewalld + name: nginx state: restarted + tags: + - git_pull -- name: enable mariadb on reboot - become_method: sudo - service: - name: mariadb - state: started - enabled: true - -- name: restart mysql +- name: restart firewalld become_method: sudo service: - name: mysql + name: firewalld state: restarted ... diff --git a/roles/mariadb/meta/main.yml b/roles/jiskefet-common/meta/main.yml similarity index 100% rename from roles/mariadb/meta/main.yml rename to roles/jiskefet-common/meta/main.yml diff --git a/roles/common/tasks/create-jiskefet-user.yml b/roles/jiskefet-common/tasks/create-jiskefet-user.yml similarity index 95% rename from roles/common/tasks/create-jiskefet-user.yml rename to roles/jiskefet-common/tasks/create-jiskefet-user.yml index 4f2e9c2..6976197 100644 --- a/roles/common/tasks/create-jiskefet-user.yml +++ b/roles/jiskefet-common/tasks/create-jiskefet-user.yml @@ -32,7 +32,7 @@ when: "jiskefet_user != 'root'" tags: configuration - - name: Ensure group {{ jiskefet_user}} exists + - name: Ensure group {{ jiskefet_user }} exists group: name: jiskefet state: present diff --git a/roles/web/tasks/firewall.yml b/roles/jiskefet-common/tasks/firewall.yml similarity index 100% rename from roles/web/tasks/firewall.yml rename to roles/jiskefet-common/tasks/firewall.yml diff --git a/roles/common/tasks/main.yml b/roles/jiskefet-common/tasks/git.yml similarity index 65% rename from roles/common/tasks/main.yml rename to roles/jiskefet-common/tasks/git.yml index 70efcbf..1ea1617 100644 --- a/roles/common/tasks/main.yml +++ b/roles/jiskefet-common/tasks/git.yml @@ -7,9 +7,9 @@ # */ --- -# create jiskefet users -- import_tasks: create-jiskefet-user.yml - -# ensure firewall has been started -#- import_tasks: firewall.yml -... +- name: install git + yum: + name: git + state: present + become_method: sudo +... \ No newline at end of file 
diff --git a/roles/jiskefet-common/tasks/main.yml b/roles/jiskefet-common/tasks/main.yml
new file mode 100644
index 0000000..79d6da9
--- /dev/null
+++ b/roles/jiskefet-common/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: create-jiskefet-user.yml
+- import_tasks: git.yml
+- import_tasks: firewall.yml
+- import_tasks: set-default-values.yml
diff --git a/roles/web/tasks/set-default-values.yml b/roles/jiskefet-common/tasks/set-default-values.yml
similarity index 89%
rename from roles/web/tasks/set-default-values.yml
rename to roles/jiskefet-common/tasks/set-default-values.yml
index 401f0e0..a1a1829 100644
--- a/roles/web/tasks/set-default-values.yml
+++ b/roles/jiskefet-common/tasks/set-default-values.yml
@@ -48,6 +48,8 @@ PORT: "{{ jiskefet_api_general_settings.PORT if ((jiskefet_api_general_settings.PORT is defined) and (jiskefet_api_general_settings.PORT | trim != '')) else 3000}}" # TYPEORM_HOST: "{{ jiskefet_api_general_settings.TYPEORM_HOST if ((jiskefet_api_general_settings.TYPEORM_HOST is defined) and (jiskefet_api_general_settings.TYPEORM_HOST | trim != '')) else ansible_default_ipv4.address }}" TYPEORM_CONNECTION: "{{ jiskefet_api_general_settings.TYPEORM_CONNECTION if ((jiskefet_api_general_settings.TYPEORM_CONNECTION is defined) and (jiskefet_api_general_settings.TYPEORM_CONNECTION | trim != '')) else 'mysql'}}" + TYPEORM_USERNAME: "{{ jiskefet_api_general_settings.TYPEORM_USERNAME if ((jiskefet_api_general_settings.TYPEORM_USERNAME is defined) and (jiskefet_api_general_settings.TYPEORM_USERNAME | trim != '')) else 'jiskefet'}}" + TYPEORM_PASSWORD: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD if ((jiskefet_api_general_settings.TYPEORM_PASSWORD is defined) and (jiskefet_api_general_settings.TYPEORM_PASSWORD | trim != '')) else 'abd1516812'}}" TYPEORM_PORT: "{{ jiskefet_api_general_settings.TYPEORM_PORT if ((jiskefet_api_general_settings.TYPEORM_PORT is defined) and (jiskefet_api_general_settings.TYPEORM_PORT | trim != '')) else 3306}}" TYPEORM_SYNCHRONIZE: "{{ jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE if ((jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE is defined) and (jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE | trim != '')) else 'true'}}" TYPEORM_LOGGING: "{{ jiskefet_api_general_settings.TYPEORM_LOGGING if ((jiskefet_api_general_settings.TYPEORM_LOGGING is defined) and (jiskefet_api_general_settings.TYPEORM_LOGGING | trim != '')) else 'false'}}" 
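Review bot: The added `TYPEORM_PASSWORD` fallback hard-codes `'abd1516812'`, the same literal used for `mysql_root_password` in `roles/basevars/defaults/main.yml`, so a deployment that leaves the password unset silently gets a credential that is published in the repository. Fail instead of defaulting: replace the conditional with `TYPEORM_PASSWORD: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD | mandatory }}"`, or put an `assert` that the value is defined and non-empty before this `set_fact`. The enclosing `set_fact` task starts and ends outside the hunk.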
@@ -62,10 +64,10 @@ TEST_DB_SYNCHRONIZE: "{{ jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE if ((jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE is defined) and (jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE | trim != '')) else 'true'}}" TEST_DB_LOGGING: "{{ jiskefet_api_optional_settings.TEST_DB_LOGGING if ((jiskefet_api_optional_settings.TEST_DB_LOGGING is defined) and (jiskefet_api_optional_settings.TEST_DB_LOGGING | trim != '')) else 'true'}}" jiskefet_ui_settings: - USE_API_PREFIX: true + USE_API_PREFIX: "{{ jiskefet_ui_settings.USE_API_PREFIX if ((jiskefet_ui_settings.USE_API_PREFIX is defined) and (jiskefet_ui_settings.USE_API_PREFIX | trim != '')) else 'true' }}" APPLICATION_NAME: "{{ jiskefet_ui_settings.APPLICATION_NAME if ((jiskefet_ui_settings.APPLICATION_NAME is defined) and (jiskefet_ui_settings.APPLICATION_NAME | trim != '')) else '{{ application_name }}' }}" - FILE_UPLOAD_LIMIT: "{{ file_upload_limit }}" - ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }}" + FILE_UPLOAD_LIMIT: "{{ file_upload_limit }} if ((jiskefet_ui_settings.FILE_UPLOAD_LIMIT is defined) and (jiskefet_ui_settings.FILE_UPLOAD_LIMIT | trim != '')) else '50000' }}" + ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }} if ((jiskefet_ui_settings.ALLOW_ANONYMOUS is defined) and (jiskefet_ui_settings.ALLOW_ANONYMOUS | trim != '')) else 'true' }}" delegate_to: "{{ item }}" with_items: - "{{ groups.all }}" diff --git a/inventory-jiskefet/group_vars/webservers b/roles/jiskefet-frontend/default/main.yml similarity index 100% rename from inventory-jiskefet/group_vars/webservers rename to roles/jiskefet-frontend/default/main.yml diff --git a/roles/jiskefet-frontend/files/ecosystem.json b/roles/jiskefet-frontend/files/ecosystem.json new file mode 100644 index 0000000..ee34862 --- /dev/null +++ b/roles/jiskefet-frontend/files/ecosystem.json 
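Review bot: The new `FILE_UPLOAD_LIMIT` and `ALLOW_ANONYMOUS` values close the Jinja expression too early: in `"{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }} if (...) else 'true' }}"` everything after the first `}}` is literal text, so the fact (and the `.env` line written from it) becomes the value followed by the raw `if ... else ... }}` string, and an undefined `ALLOW_ANONYMOUS` raises instead of falling back. Move the condition inside the braces and make the fallback fail closed, `ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS if ((jiskefet_ui_settings.ALLOW_ANONYMOUS is defined) and (jiskefet_ui_settings.ALLOW_ANONYMOUS | trim != '')) else 'false' }}"`. `FILE_UPLOAD_LIMIT` needs the same restructuring; note that its condition tests `jiskefet_ui_settings.FILE_UPLOAD_LIMIT` while the value emitted is `file_upload_limit`, which looks unintended. The `set_fact` these lines belong to starts outside the hunk.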
@@ -0,0 +1,29 @@
+{
+ "apps": [
+ {
+ "name": "API",
+ "cwd": "/var/lib/jiskefet/jiskefet-api",
+ "script": "npm",
+ "args": "run start",
+ "instances": "max",
+ "exec_mode": "cluster",
+ "autorestart": true,
+ "watch": false,
+ "env": {
+ "NODE_ENV": "dev"
+ },
+ "env_dev": {
+ "NODE_ENV": "dev"
+ },
+ "env_staging": {
+ "NODE_ENV": "staging"
+ },
+ "env_prod": {
+ "NODE_ENV": "prod"
+ },
+ "env_test": {
+ "NODE_ENV": "test"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/roles/jiskefet-frontend/handlers/main.yml b/roles/jiskefet-frontend/handlers/main.yml
new file mode 100644
index 0000000..cef6e61
--- /dev/null
+++ b/roles/jiskefet-frontend/handlers/main.yml
@@ -0,0 +1,23 @@
+# /*
+# * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS)
+# *
+# * This software is distributed under the terms of the
+# * GNU General Public Licence version 3 (GPL) version 3,
+# * copied verbatim in the file "LICENSE"
+# */
+
+---
+- name: restart NGiNX
+ become_method: sudo
+ service:
+ name: nginx
+ state: restarted
+ tags:
+ - git_pull
+
+- name: restart firewalld
+ become_method: sudo
+ service:
+ name: firewalld
+ state: restarted
+...
diff --git a/roles/jiskefet-frontend/meta/main.yml b/roles/jiskefet-frontend/meta/main.yml
new file mode 100644
index 0000000..7731e6d
--- /dev/null
+++ b/roles/jiskefet-frontend/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: basevars }
diff --git a/roles/jiskefet-frontend/tasks/change-env-variables-frontend.yml b/roles/jiskefet-frontend/tasks/change-env-variables-frontend.yml
new file mode 100644
index 0000000..11acf11
--- /dev/null
+++ b/roles/jiskefet-frontend/tasks/change-env-variables-frontend.yml
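Review bot: This pm2 definition sits in the frontend role but describes the backend: its only app is named `API` and its `cwd` is `/var/lib/jiskefet/jiskefet-api`, a directory the frontend tasks in this commit never create (they check out `/var/lib/jiskefet/jiskefet-ui`). It appears to be a copy of the backend role's `ecosystem.json`; if pm2 is started from this role it would either fail or start the wrong service. Drop the file from the frontend role, or point `name` and `cwd` at the UI project.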
@@ -0,0 +1,28 @@
+# /*
+# * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS)
+# *
+# * This software is distributed under the terms of the
+# * GNU General Public Licence version 3 (GPL) version 3,
+# * copied verbatim in the file "LICENSE"
+# */
+
+---
+- name: Check if .env exists in jiskefet-ui project
+ stat:
+ path: /var/lib/jiskefet/jiskefet-ui/.env
+ register: stat_result
+ become_user: "{{ jiskefet_user }}"
+
+- name: Create .env in jiskefet-ui if it does not exist.
+ when: stat_result.stat.exists == False
+ file:
+ path: /var/lib/jiskefet/jiskefet-ui/.env
+ state: touch
+ become_user: "{{ jiskefet_user }}"
+
+- name: Set general settings for jiskefet-ui .env
+ lineinfile:
+ path: /var/lib/jiskefet/jiskefet-ui/.env
+ line: "{{ item.key }}={{ item.value }}"
+ with_dict: "{{ jiskefet_ui_settings }}"
+...
\ No newline at end of file
diff --git a/roles/jiskefet-frontend/tasks/getui.yml b/roles/jiskefet-frontend/tasks/getui.yml
new file mode 100644
index 0000000..864ad45
--- /dev/null
+++ b/roles/jiskefet-frontend/tasks/getui.yml
@@ -0,0 +1,11 @@
+---
+- name: checkout jiskefet-ui
+ git:
+ repo: "{{ remote_repository_url.JISKEFET_UI }}"
+ dest: /var/lib/jiskefet/jiskefet-ui
+ force: yes
+ version: "{{ repository_branch.JISKEFET_UI }}"
+ become_user: "{{ jiskefet_user }}"
+ tags:
+ - git_pull
+...
\ No newline at end of file
diff --git a/roles/jiskefet-frontend/tasks/main.yml b/roles/jiskefet-frontend/tasks/main.yml
new file mode 100644
index 0000000..005a9c2
--- /dev/null
+++ b/roles/jiskefet-frontend/tasks/main.yml
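Review bot: The `lineinfile` task that writes `jiskefet_ui_settings` in `change-env-variables-frontend.yml` has no `regexp`, so when a setting such as `ALLOW_ANONYMOUS` changes, a second `KEY=` line is appended and the stale one stays in `.env`; which of the two takes effect then depends on the dotenv parser. The backend variant of this file anchors on the key; do the same here with `regexp: "^{{ item.key }}="`. The `file: state: touch` task also sets no `mode`, so the permissions of `.env` follow the umask; an explicit value such as `mode: "0600"` would make the intent visible.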
@@ -0,0 +1,57 @@
+# /*
+# * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS)
+# *
+# * This software is distributed under the terms of the
+# * GNU General Public Licence version 3 (GPL) version 3,
+# * copied verbatim in the file "LICENSE"
+# */
+
+---
+# Set fact to overwrite the variable "{{ ansible_remote_address }}" with the remote its address if
+# "{{ ansible_remote_address }}" does not exist or "{{ ansible_remote_address }}"'s ip does not equal the remotes
+# ansible_default_ipv4.address
+# - name: set_fact to get the correct ip of the host
+# set_fact:
+# ansible_remote_address: "{{ ansible_remote_address if ((ansible_remote_address is defined) and (ansible_remote_address | trim != '') and (ansible_remote_address == ansible_default_ipv4.address)) else ansible_default_ipv4.address }}"
+# when: ((custom_ansible_remote_address is defined) and (custom_ansible_remote_address | trim == ''))
+# or
+# (custom_ansible_remote_address is undefined)
+
+# # Two commands to determine what the value of "{{ ansible_remote_address }}" is.
+# # if "{{ use_hostname_as_remote_address }}" is set to true, it will run the command 'hostname' on the hosts defined
+# # at webservers.
+# - name: get hostname
+# command: hostname
+# register: hostname_output
+# when: use_hostname_as_remote_address | bool == true
+
+# - name: set_fact when use_hostname_as_remote_address is true
+# set_fact:
+# ansible_remote_address: "{{ hostname_output.stdout }}"
+# when: use_hostname_as_remote_address | bool == true
+# When "{{ use_hostname_as_remote_address }}" is set to false, ansible will check if the "{{ ansible_remote_address }}"
+# If the variable is defined, it will use the user defined value, otherwise it will default to the result of variable
+# "{{ ansible_default_ipv4.address }}".
+ + +# Install git +- include_tasks: getui.yml + when: use_local_repository == "no" + tags: + - git_pull + +# Unarchive projects +- include_tasks: unarchive-backend.yml + when: use_local_repository == "yes" + +# Setting the environment variables +- import_tasks: change-env-variables-frontend.yml + tags: + - git_pull + +# Do npm install +- import_tasks: npm-frontend.yml + tags: + - git_pull + +... diff --git a/roles/web/tasks/npm.yml b/roles/jiskefet-frontend/tasks/npm-frontend.yml similarity index 79% rename from roles/web/tasks/npm.yml rename to roles/jiskefet-frontend/tasks/npm-frontend.yml index 02a0b76..8258675 100644 --- a/roles/web/tasks/npm.yml +++ b/roles/jiskefet-frontend/tasks/npm-frontend.yml @@ -7,12 +7,6 @@ # */ --- -- name: run npm install on jiskefet-api - command: npm install - become_user: "{{ jiskefet_user }}" - args: - chdir: "/var/lib/jiskefet/jiskefet-api" - - name: run npm install on jiskefet-ui command: npm install become_user: "{{ jiskefet_user }}" diff --git a/roles/jiskefet-frontend/tasks/unarchive-frontend.yml b/roles/jiskefet-frontend/tasks/unarchive-frontend.yml new file mode 100644 index 0000000..ce1171f --- /dev/null +++ b/roles/jiskefet-frontend/tasks/unarchive-frontend.yml @@ -0,0 +1,8 @@ +--- +- name: Unarchive ui files to remote + unarchive: + owner: "{{ jiskefet_user }}" + src: ../jiskefet-ui.tar + dest: /var/lib/jiskefet + become_method: sudo +... \ No newline at end of file diff --git a/roles/jiskefet-frontend/vars/main.yml b/roles/jiskefet-frontend/vars/main.yml new file mode 100644 index 0000000..346b180 --- /dev/null +++ b/roles/jiskefet-frontend/vars/main.yml @@ -0,0 +1,8 @@ +--- +use_local_repository: 'no' + +remote_repository_url: + JISKEFET_UI: https://github.com/SoftwareForScience/jiskefet-ui.git +repository_branch: + JISKEFET_UI: develop +... \ No newline at end of file diff --git a/roles/local/tasks/main.yml b/roles/local/tasks/main.yml index 150cf84..87ed38b 100644 --- a/roles/local/tasks/main.yml 
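Review bot: The frontend role's `main.yml` includes `unarchive-backend.yml` when `use_local_repository == "yes"`, but the file this commit adds to the role is `unarchive-frontend.yml`; no `unarchive-backend.yml` is created under `roles/jiskefet-frontend/tasks/` in this diff, so the include would fail on the local-repository path. Change the line to `- include_tasks: unarchive-frontend.yml`. The `# Install git` comment above the `getui.yml` include is also stale, since that file checks out the UI; `# Check out jiskefet-ui` would match what it does.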
+++ b/roles/local/tasks/main.yml @@ -45,17 +45,4 @@ # Check ssh - include_tasks: test-ssh.yml when: online_hosts.results | length > 0 - -# Do vault interaction -# - include_tasks: interact-vault.yml -# with_items: "{{ unable_to_connect_to_hosts | default({}) | json_query(get_hosts) }}" -# vars: -# get_hosts: "results[*].item.host" -# loop_control: -# loop_var: host -# when: ((unable_to_connect_to_hosts is defined) -# and -# (unable_to_connect_to_hosts.results is defined) -# and -# (unable_to_connect_to_hosts.results | length > 0)) -... +... \ No newline at end of file diff --git a/roles/local/vars/main.yml b/roles/local/vars/main.yml deleted file mode 100644 index 341068c..0000000 --- a/roles/local/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# see https://github.com/SoftwareForScience/jiskefet-deploy/blob/develop/docs/configuration_file.md for more information -# regarding the configuration fields. diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index e0050ea..5f8babe 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml 
@@ -1,206 +1,44 @@ -# /* -# * Copyright (C) 2018 Amsterdam University of Applied Sciences (AUAS) -# * -# * This software is distributed under the terms of the -# * GNU General Public Licence version 3 (GPL) version 3, -# * copied verbatim in the file "LICENSE" -# */ - ---- # Install mariadb via ansible on centOS - -- name: set the different host groups for the 'host' part of the mysql_user module - set_fact: - host_group_with_ansible_hostname: - - "{{ ansible_hostname }}" - - 127.0.0.1 - - ::1 - - "%" - - localhost - host_group_without: - - 127.0.0.1 - - ::1 - - "%" - - localhost - -- name: subsequent set_fact is used to select the correct host_group to use for the mysql_user module. - set_fact: - host_group: "{{ host_group_without if (ansible_hostname == 'localhost') else host_group_with_ansible_hostname }}" - -- name: format the host_group variable and join them together - set_fact: - joined_host_group: "'{{ \"', '\".join(host_group) }}'" - -- name: Add official MariaDB repository - become_method: sudo - yum_repository: - name: MariaDB - description: Official MariaDB repository - baseurl: "https://yum.mariadb.org/10.1/centos7-amd64" - gpgkey: https://yum.mariadb.org/RPM-GPG-KEY-MariaDB - gpgcheck: true - # tags: mariadb - -- name: Install packages - become_method: sudo +--- +- name: Ensure mariadb is installed yum: - name: ['MariaDB', 'MariaDB-server', 'MySQL-python'] - state: installed - register: yum_output - notify: enable mariadb on reboot - # tags: mariadb - -- name: Start mysql server and enable it on reboot - become_method: sudo - service: + name: mariadb-server + state: latest + update_cache: yes + tags: installation + +- name: "Ensure mariadb service runs immediately and on startup" + systemd: name: mariadb + enabled: yes state: started - enabled: true - -- name: make sql directory at /var/lib/jiskefet - file: - path: /var/lib/jiskefet/sql - state: directory - owner: "{{ jiskefet_user }}" - -- name: Copy create_db_charset_utf8mb4.sql from local to remote 
- template: - src: create_db_charset_utf8mb4.sql.j2 - dest: /var/lib/jiskefet/sql/create_db_charset_utf8mb4.sql - owner: "{{ jiskefet_user }}" - -- name: Copy create_test_db_charset_utf8mb4.sql from local to remote - template: - src: create_test_db_charset_utf8mb4.sql.j2 - dest: /var/lib/jiskefet/sql/create_test_db_charset_utf8mb4.sql - owner: "{{ jiskefet_user }}" - -- name: Copy my.cnf from local to remote - template: - src: my.cnf.j2 - dest: /etc/my.cnf - become_method: sudo - -- name: Set root password - mysql_user: - name: root - host: "{{ item }}" - password: "{{ mysql_root_password }}" - login_user: root - login_password: "{{ mysql_root_password }}" - check_implicit_admin: yes - with_items: - - "{{ host_group }}" - # when: yum_output.results | select('search', 'installed') | list | count != 3 # when statement is used to ensure that the task is only run once - -- name: Reload privilege tables - command: 'mysql -u root -p"{{ mysql_root_password }}" -ne "{{ item }}"' - with_items: - - FLUSH PRIVILEGES - changed_when: False - # when: yum_output.results | select('search', 'installed') | list | count != 3 - -- name: Remove anonymous users - command: 'mysql -u root -p"{{ mysql_root_password }}" -ne "{{ item }}"' - with_items: - - DELETE FROM mysql.user WHERE User='' - changed_when: False - # when: yum_output.results | select('search', 'installed') | list | count != 3 + daemon_reload: yes + tags: installation -- name: Disallow root from logging in remotely - command: 'mysql -u root -p"{{ mysql_root_password }}" -ne "{{ item }}"' - with_items: - - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ({{ joined_host_group }}) - changed_when: False - # when: yum_output.results | select('search', 'installed') | list | count != 3 - -- name: Remove test database - command: 'mysql -u root -p"{{ mysql_root_password }}" -ne "{{ item }}"' - with_items: - - DROP DATABASE IF EXISTS test - - DELETE FROM mysql.db WHERE Db='test' - changed_when: False - # when: 
yum_output.results | select('search', 'installed') | list | count != 3 - -- name: Create mysql user "{{ jiskefet_api_general_settings.TYPEORM_USERNAME }}" - mysql_user: - name: "{{ jiskefet_api_general_settings.TYPEORM_USERNAME }}" - host: "{{ item }}" - password: "{{ jiskefet_api_general_settings.TYPEORM_PASSWORD }}" - login_user: "root" - login_password: "{{ mysql_root_password }}" - priv: "{{ jiskefet_api_general_settings.TYPEORM_DATABASE }}.*:ALL,GRANT" - state: present - with_items: - - "{{ host_group }}" - -- name: Create mysql test user "{{ jiskefet_api_optional_settings.TEST_DB_USERNAME }}" - mysql_user: - name: "{{ jiskefet_api_optional_settings.TEST_DB_USERNAME }}" - host: "{{ item }}" - password: "{{ jiskefet_api_optional_settings.TEST_DB_PASSWORD }}" - login_user: "root" - login_password: "{{ mysql_root_password }}" - priv: "{{ jiskefet_api_optional_settings.TEST_DB_DATABASE }}.*:ALL,GRANT" - state: present - with_items: - - "{{ host_group }}" - when: - not - ((jiskefet_api_optional_settings.TEST_DB_USERNAME is undefined) - or - (jiskefet_api_optional_settings.TEST_DB_USERNAME is none) - or - (jiskefet_api_optional_settings.TEST_DB_USERNAME | trim == '')) - -- name: Drop database "{{ jiskefet_api_general_settings.TYPEORM_DATABASE }}" (only for testing purposes) - command: 'mysql -u root -p"{{ mysql_root_password }}" -ne "{{ item }}"' - with_items: - - DROP database "{{ jiskefet_api_general_settings.TYPEORM_DATABASE }}" - tags: ['never', 'recreate_database'] - -- name: Create database "{{ jiskefet_api_general_settings.TYPEORM_DATABASE }}" - ignore_errors: yes - mysql_db: - login_user: 'root' - login_password: "{{ mysql_root_password }}" - state: import - name: 'all' - target: /var/lib/jiskefet/sql/create_db_charset_utf8mb4.sql - notify: restart mysql - tags: 'recreate_database' - -- name: Create test database - ignore_errors: yes - mysql_db: - login_user: 'root' - login_password: "{{ mysql_root_password }}" - state: import - name: 'all' - target: 
/var/lib/jiskefet/sql/create_test_db_charset_utf8mb4.sql - notify: restart mysql - when: - not - ((jiskefet_api_optional_settings.TEST_DB_USERNAME is undefined) - or - (jiskefet_api_optional_settings.TEST_DB_USERNAME is none) - or - (jiskefet_api_optional_settings.TEST_DB_USERNAME | trim == '')) - -- name: Add daily backup cron job - cron: - name: "jiskefet-db-backup" - minute: "0" - hour: "0" - day: "*" - weekday: "*" - month: "*" - job: '/usr/bin/mysqldump -u{{ jiskefet_api_general_settings.TYPEORM_USERNAME }} -p{{ jiskefet_api_general_settings.TYPEORM_PASSWORD}} {{ jiskefet_api_general_settings.TYPEORM_DATABASE }} > /var/lib/jiskefet/backup-`date +\%Y-\%m-\%dT\%H-\%M-\%S`.sql' +- name: Ensure MySQL-python is installed + yum: + name: MySQL-python + state: latest + update_cache: yes + tags: installation -- name: Add firewall exceptions - become_method: sudo +- name: Ensure database ports are open firewalld: - service: mysql - permanent: yes + permanent: true + immediate: true + port: "{{ item }}/tcp" + zone: public state: enabled - notify: restart firewalld -... \ No newline at end of file + ignore_errors: yes + with_items: + - "3306" + tags: installation + +- name: Set root user password + mysql_user: name=root + host=localhost + password="{{ mysql_root_password }}" + check_implicit_admin=yes + login_user="root" + login_password="{{ mysql_root_old_password }}" + state=present + tags: configuration diff --git a/roles/mariadb/templates/create_db_charset_utf8mb4.sql.j2 b/roles/mariadb/templates/create_db_charset_utf8mb4.sql.j2 deleted file mode 100644 index beabf20..0000000 --- a/roles/mariadb/templates/create_db_charset_utf8mb4.sql.j2 +++ /dev/null @@ -1 +0,0 @@ -CREATE DATABASE {{ jiskefet_api_general_settings.TYPEORM_DATABASE }} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; \ No newline at end of file 
diff --git a/roles/mariadb/templates/create_test_db_charset_utf8mb4.sql.j2 b/roles/mariadb/templates/create_test_db_charset_utf8mb4.sql.j2
deleted file mode 100644
index cf80594..0000000
--- a/roles/mariadb/templates/create_test_db_charset_utf8mb4.sql.j2
+++ /dev/null
@@ -1 +0,0 @@
-CREATE DATABASE {{ jiskefet_api_optional_settings.TEST_DB_DATABASE }} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
\ No newline at end of file
diff --git a/roles/mariadb/templates/my.cnf.j2 b/roles/mariadb/templates/my.cnf.j2
deleted file mode 100644
index 60e1c08..0000000
--- a/roles/mariadb/templates/my.cnf.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-# Possibly use https://gist.github.com/fevangelou/fb72f36bbe333e059b66 as a base config.
-
-[client-server]
-
-[mysqld]
-max-allowed-packet = {{ database_packet_limit }}
-character-set-client-handshake = FALSE
-character-set-server = utf8mb4
\ No newline at end of file
diff --git a/roles/mariadb/vars/main.yml b/roles/mariadb/vars/main.yml
deleted file mode 100644
index a7f8192..0000000
--- a/roles/mariadb/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-database_packet_limit: 500M
\ No newline at end of file
diff --git a/roles/nginx/README.md b/roles/nginx/README.md
new file mode 100644
index 0000000..d34b12e
--- /dev/null
+++ b/roles/nginx/README.md
@@ -0,0 +1,12 @@
+# nginx
+
+An Ansible role that installs and configures [nginx](https://www.nginx.com/).
+By default:
+ - Runs on port `80`
+ - Copies O2 Web UI catalogue page
+
+## Host Variables (optional)
+
+| Variable | Default value | Notes |
+| ---------------------------- | --------------------|---------------------------------------------- |
+| nginx_port | `80` | - |
diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml
index ddfc64f..215ace3 100644
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -1,5 +1,2 @@
 ---
-nginx_http_port: 80
-nginx_https_port: 443
-nginx_version: 1.16.0
-file_upload_limit: 500000
\ No newline at end of file
+nginx_port: 80
diff --git a/roles/nginx/files/index.html b/roles/nginx/files/index.html
new file mode 100644
index 0000000..c2725f8
--- /dev/null
+++ b/roles/nginx/files/index.html
@@ -0,0 +1,607 @@
+ +
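Review bot: With `nginx_https_port: 443` removed and only `nginx_port: 80` left in roles/nginx/defaults/main.yml, the role's defaults describe a plain-HTTP listener, so whatever this nginx fronts is served in cleartext unless TLS is terminated somewhere this diff does not show. If that is intended, say so next to the default, e.g. `# plain HTTP only; TLS must be terminated upstream of this host`; otherwise keep an HTTPS port default alongside it. The same hunk drops `nginx_version` and `file_upload_limit`: any template or task under roles/nginx that still references them would now fail on an undefined variable, and without the version pin the installed nginx is whatever the package source provides, so both are worth checking before merge.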
+